Does S2Member Modify Core WordPress Files?

I apologize if this has been asked before. I’ve searched and couldn’t find an answer. Since my server was hacked a few days ago, I added the Sucuri monitoring tool to alert me to changes. Since I had to do a fresh install of the WordPress core files yesterday morning, I know I had installed a pristine copy. Yet today the monitoring tool reports that 4 core files have been changed because their checksums don’t match the pristine versions. The 4 files are:

wp-admin/user-new.php
wp-includes/load.php
wp-includes/ms-functions.php
wp-login.php

When I look in these files and diff them against the pristing versions, I see this comment:

// Modified for full plugin compatiblity.

Notice compatibility is spelled incorrectly as well. Is this change something s2Member does or is it changed because of a backdoor left on my system? If it’s a change from the plugin, may I ask that you indicate as much in the comment by adding:

// Modified for full plugin compatibility.–s2member

I think s2Member modifies those for a multisite network. See: [hilite path]Dashboard -› s2Member® -› Multisite (Config) -> Patches[/hilite]

Thanks for pointing out the typo. And I’ll forward your suggestion to Jason.

Thank you Cristián. You are correct.

Cool. Thanks for the update. :)